سياسة الخصوصية

Privacy Policy (English)

Effective date: 2026-05-07

1. Who we are

TicketShop Syria operates a bus-ticket booking platform for inter-city travel in Syria. The platform comprises an Android customer app, a web booking site, and a partner dashboard for bus operators. This policy applies to all of them.

2. Data we collect

We collect only what is needed to deliver the booking service:

• Passenger details: full name (required), phone number (required), email (optional), and gender (required — used for seat assignment per operator policy).
• Booking details: selected route, date, seats, operator, chosen payment method, and a booking reference code.
• Payment details: when paying with Sham Cash, we ask you to enter the reference number Sham Cash gives you after the transfer. We do not request or store any bank-card or bank-account information. The transfer itself happens outside our app, directly through Sham Cash.
• Push-notification device token: a Firebase Cloud Messaging (FCM) token bound to your Android device, used solely to deliver booking status notifications.
• Anonymous session identifier: a random UUID generated locally on your device and kept in app storage. It links your bookings to your device so you can view them on the "My Bookings" screen without creating an account. It contains no personally identifying information.
• Server logs: we briefly record technical metadata (IP, user-agent, request time) for security and diagnostics. Sensitive fields are automatically redacted from these logs.

3. Data we do NOT collect

• We do not collect your geographic location.
• We do not access contacts, photos, files, camera, or microphone.
• We do not use third-party behavioural-analytics SDKs (no Google Analytics, no Firebase Analytics, no Facebook SDK, etc.).
• We do not show ads and do not integrate any ad network.
• We do not knowingly collect data from children under 13 (see section 8).

4. How we use your data

• To issue your ticket and let the operator board you.
• To send booking confirmations and trip details (in-app or via email if provided).
• To send booking-status push notifications via FCM, exclusively for: payment verification, booking cancellation, and trip cancellation by the operator.
• To show your past bookings on the same device via "My Bookings".
• To allow the operator to contact you when needed (e.g. departure-time changes).

5. Who we share your data with

We do not sell your data and do not share it for marketing. We share only with:

• The bus operator you book with: they receive your name, phone, and seat. This is required to deliver the service.
• Google Firebase Cloud Messaging: to deliver push notifications. Notifications carry no sensitive data; Google uses the device token for delivery only.
• Legal authorities: if we are legally compelled by court order or regulatory request.
• Meta Pixel (this website only): a measurement tool from Meta we use on this site's pages to evaluate the effectiveness of our ads. The pixel is not loaded until you give explicit consent via the banner at the bottom of the page. When granted, Meta receives basic visit information (page URL, referrer, device, IP). The pixel is not used inside the Android app. You can withdraw consent at any time using the reset consent preferences control.

We do not share your data with Sham Cash — you initiate the transfer yourself in their app, and we receive only the reference number you provide so we can verify the payment.

6. Where data is stored and how we protect it

• Data is stored on servers we operate ourselves, located in the EU.
• All traffic between our apps and our servers uses encrypted HTTPS/TLS.
• Administrative access is restricted to our operations team, and each partner operator can only see bookings on their own trips.
• Request logs are kept briefly, with sensitive personal fields automatically redacted.

7. Retention

• Booking data: retained for the life of the service plus a statutory period for accounting and audit (typically seven years under applicable rules).
• FCM push token: deleted when you uninstall the app or disable notifications.
• Anonymous session identifier: deleted when you clear app data or uninstall.
• Server logs: rotated regularly and not kept beyond what is needed for security and diagnostics.

8. Your rights

You can at any time:

• Request a copy of the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data, subject to legal retention obligations.
• Withdraw consent for push notifications via the app or your operating system settings.

To exercise any of these rights, email us at [email protected]. We aim to respond within 30 days.

9. Children's privacy

Our app is not directed to children under 13. We expect a parent or legal guardian to make bookings on behalf of minors. If we learn that we have collected personal data from a child under 13, we will delete it once verified.

10. Changes to this policy

We may update this policy to reflect product improvements or new legal requirements. When we make material changes we will update the "Effective date" above and may notify users in-app or by email.

11. Contact us

For any question or request related to this policy or your data, contact us at [email protected].